Pwn2Own Toronto 2022 Day 2: Participants earned $281K

Pwn2Own Toronto 2022 Day Two – Participants demonstrated exploits for smart speaker, smartphone, printer, router, and NAS.

On the first day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition participants earned $400,000 for 26 unique zero-day exploits.

On the second day of the competition, participants earned more $281,000 for smart speaker, smartphone, printer, router, and NAS exploits.

Researchers from Qrious Secure team used two flaws to execute an attack against the Sonos One Speaker, they earned $60K and 6 Master of Pwn points.

STAR Labs team also hacked the Sonos One Speaker in the Smart Speaker category using one unique bug and another previously known bug. The team earned $22,500 and 4.5 Master of Pwn points.

The Bugscale team demonstrated an exploit against the Synology router and HP Printer using one unique bug and another previously known flaw. The team earned $37,500 and 7.5 Master of Pwn points.

The researchers from Interrupt Labs executed an improper input validation attack against the Samsung Galaxy S22 in the Mobile Phone category. The team earned $25K and 5 Master of Pwn points.

The researcher Luca Moro was awarded $40,000 for a Classic Buffer Overflow attack against the WD My Cloud Pro Series PR4100 in the NAS category.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Toronto 2022)

[adrotate banner=”5″]

[adrotate banner=”13″]